0

Our business management system has had some hiccups here and there the past couple of weeks. It has been denied access to some of the files it uses. By digging around with Manage Open Files I have been able to determine which user(s) are accessing the files in question. From here I've used both the Resource Manager and Process Explorer to search for a substring of the directory that these files are in. I can see the processes that are supposed to be accessing those directories and the files that are intended to be accessed. The problem is that searching for handles never shows the troublesome files at all, thus I cannot determine the process that's locking them up. Part of the problem is that the files are accessed periodically, not constantly. To ensure that my attempt to track down the offending process, I followed these steps:

  1. Refresh Manage Open Files until the files in question are shown to be open by the user.
  2. Search for the substring of the directory in handles.
  3. Refresh Manage Open Files again to see that the files are still being accessed after the handle search is complete.

These steps should theoretically guarantee that I catch the files in use, but I still get no results other than the ones I expect.

Does anyone have any other ideas on how I can determine what process is accessing theses files? I know for sure the users that are accessing them, and I've been running handle searches from their workstations remotely.

[EDIT1] The server is running Windows Server Standard, and client machines are all running Windows 7 Professional. The files are estimates exported by CCC One (it's a collision repair company), and the program that is being denied access is NEX (Our business management system) by Nexsyis. As far as protocol, I'm not absolutely sure but I would imagine it's SMB.

Dave
  • 43
  • 5

1 Answers1

2

I assume you are talking about Windows Server. If so, I suggest taking a look at the following tools:

  • Resource Monitor: Start > Run > resmon. The "Disk" lists process, open files and Read / Write operations.
  • Computer Management > Shared Folders > Shares (compmgmt.msc) to see open network shares.
  • The net session command
  • Sysinternals Process Explorer - You can search for handles with Ctrl + f
  • Sysinternals Process Monitor - you can setup a 'long term' capture to match the file path in questiona and leave it on for an extended period while you attempt to reproduce the problem.

Either way - I suggest providing additional technical details to help answer your question (such as the Operating System, Tool and used protocol).

Criveti Mihai
  • 151
  • 2
  • I've updated my question with some more information. Also, Process Monitor may be my solution. I'm just testing out the filters now to get it best set up to capture the events I'm looking for. – Dave Nov 12 '14 at 14:56
  • I worked with Process Monitor when I had time the last couple of days of last week. It's a great program, but it seems I'm still missing something. I had Process Monitor set up to watch the directory where these files are, and I was able to see the regular, expected events with my filter. The issue now is that when the files are accessed by the offending process, which I can see happen in the open files manager, no event is logged. I know my filter is correct because I am able to see other events in the appropriate folder with it. – Dave Nov 17 '14 at 21:33